IRS tax forms W-9 email scam drops Emotet malware

Researchers have warned users to be on alert, as the IRS never sends emails to confirm taxpayers’ personal information.

Emotet malware is known for stealing personal data and financial details from a targeted device.

The cybersecurity researchers at Malwarebytes have warned taxpayers about a new IRS tax email scam that delivers Emotet malware, a notorious banking Trojan that steals sensitive financial information from victims’ computers.

According to the researchers, the fraudulent emails appear to be sent from the agency and contain a subject line such as IRS Tax Form W-9. The message simply asks the recipient if they require a hard copy of the tax form, stating, “Let me know if you would like a hard copy mailed as well.”

IRS tax forms W-9 email scam contains Emotet malware
The malicious email (Credit: Malwarebytes)

However, the attachment is actually a malicious payload that installs the Emotet malware onto the victim’s device if Marcos is enabled. Once the malware is installed, it can steal sensitive information such as login credentials, financial data, and personally identifiable information.

Moreover, the malicious Microsoft Word document is 500MB in size, which alone should stand as the biggest indicator that something is wrong with the downloaded file.

It is also worth noting that users should also beware of emails that contain subject lines like “Tax Payment Request” or “Automatic Income Tax Reminder” which instruct the recipient to download a Microsoft document file to review and confirm their personal details.

The latest IRS tax malspam scam should not come as a surprise, as malicious Microsoft document files were found to be responsible for 43% of all malware downloads in 2021.

The Emotet malware has been active since 2014 and is known for its ability to evade detection and spread rapidly. It has been used to distribute other malware strains such as TrickBot and Ryuk ransomware, which have caused significant damage to organizations around the world.

The researchers advise taxpayers to be cautious of unsolicited emails, especially those that request personal information or contain suspicious links or attachments. On the other hand, the IRS recommends that recipients do not click on any links or download any attachments in such emails, and instead forward them to the IRS at [email protected].

The IRS has reminded taxpayers that it does not initiate contact with taxpayers via email, text messages, or social media channels. The agency only communicates with taxpayers through traditional mail delivered by the United States Postal Service, or through secure online accounts on its official website,

Taxpayers who have clicked on a link or downloaded an attachment from a suspicious email should immediately contact their IT department or a reputable cybersecurity firm for assistance. They should also file a complaint with the FBI’s Internet Crime Complaint Center (IC3) at

  1. PayPal Notifies 35,000 Users of Data Breach
  2. Ransomware Email Scam Using FBI and IRS as Bait
  3. Hackers Hit IRS, Stopped Before Anything was Taken
  4. Data Breach Rattles IRS, 334k Tax Payers Data Stolen
  5. Users hit by ransomware via fake IRS tax return emails
Related Posts